﻿using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using Microsoft.IdentityModel.TokenProcessor;

public partial class _StsLogin : System.Web.UI.Page 
{
	public static SqlConnection cn;

    protected void Page_Load(object sender, EventArgs e)
    {
		if (!Page.IsPostBack)
		{
			Session["user_id"] = "";
			Session["username"] = "";
			Session["loaded"] = false;
			txtUserName.Text = "";
			txtPassword.Text = "";
		}
    }
	protected void Button1_Click(object sender, EventArgs e)
	{
		cn = new SqlConnection();
		try
		{
		    cn.ConnectionString = ConfigurationManager.ConnectionStrings["stsConStr"].ConnectionString;
		    SqlCommand cmd = new SqlCommand("checkLogin", cn);
		    cmd.CommandType = CommandType.StoredProcedure;

		    cmd.Parameters.Add("@un", SqlDbType.VarChar, 50).Value = txtUserName.Text;
			cmd.Parameters.Add("@pw", SqlDbType.VarChar, 50).Value = txtPassword.Text;

			SqlParameter userIdParam = cmd.Parameters.Add("@user_id", SqlDbType.Int);
			userIdParam.Direction = ParameterDirection.Output;

		    SqlParameter emailParam = cmd.Parameters.Add("@email", SqlDbType.VarChar, 50);
		    emailParam.Direction = ParameterDirection.Output;

		    cn.Open();
		    cmd.ExecuteScalar();

			if (userIdParam.Value.ToString() != "")
		    {
		        Session["sqlConnection"] = cn;
				Session["user_id"] = userIdParam.Value.ToString();
		        Session["email"] = emailParam.Value.ToString();
		        Session["username"] = txtUserName.Text;
				Response.Redirect("StsManager.aspx");
		    }
		    else
		        MessageBox.Show("You aren't authorized!");
		}
		catch (Exception ex)
		{
		    MessageBox.Show(ex.Message);
		}
		finally
		{
		    cn.Close();
		}
	}
	protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
	{
		cn = new SqlConnection();
		string xmlToken = XmlTokenField.Value;

		if (string.IsNullOrEmpty(xmlToken))
			return;

		try
		{
			Token token = new Token(xmlToken);

			cn.ConnectionString = ConfigurationManager.ConnectionStrings["stsConStr"].ConnectionString;
			SqlCommand cmd = new SqlCommand("CheckInfoCardLogin", cn);
			cmd.CommandType = CommandType.StoredProcedure;

			cmd.Parameters.Add("@samlUniqueId", SqlDbType.NVarChar, 44).Value = token.UniqueID;

			SqlParameter userIdParam = cmd.Parameters.Add("@user_id", SqlDbType.Int);
			userIdParam.Direction = ParameterDirection.Output;

			SqlParameter unParam = cmd.Parameters.Add("@un", SqlDbType.VarChar, 50);
			unParam.Direction = ParameterDirection.Output;

			SqlParameter emailParam = cmd.Parameters.Add("@email", SqlDbType.VarChar, 50);
			emailParam.Direction = ParameterDirection.Output;
			
			cn.Open();
			cmd.ExecuteScalar();

			if (unParam.Value.ToString() != "")
			{
				Session["sqlConnection"] = cn;
				Session["user_id"] = userIdParam.Value.ToString();
				Session["email"] = emailParam.Value.ToString();
//				Session["email"] = token.Claims["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"];
				Session["username"] = unParam.Value.ToString();
				Response.Redirect("StsManager.aspx");
			}
			else
				MessageBox.Show("You aren't authorized!");

		}
		catch (Exception ex)
		{
			MessageBox.Show(ex.Message);
		}
		finally
		{
			cn.Close();
		}
	}
	protected void Button2_Click(object sender, EventArgs e)
	{
		cn = new SqlConnection();
		try
		{
			cn.ConnectionString = ConfigurationManager.ConnectionStrings["stsConStr"].ConnectionString;
			Session["sqlConnection"] = cn;
			Response.Redirect("NewAccount.aspx");
		}
		catch (Exception ex)
		{
			MessageBox.Show(ex.Message);
		}
	}
}
